[Bug 752842] New: privacy extensions IPv6 are enabled since 12.1 and on
https://bugzilla.novell.com/show_bug.cgi?id=752842
https://bugzilla.novell.com/show_bug.cgi?id=752842#c0

Summary: privacy extensions IPv6 are enabled since 12.1 and on
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: roeland@linux-it.nl
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.2) Gecko/20100101 Firefox/10.0.2

At least since 12.1 and 12.2M2, the IPv6 privacy extensions are enabled, leading to a daily changing IPv6 address. Now, I have *selected* static IP addresses, which obviously is incompatible with privacy extensions.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

Expected Results:
I would expect it to be off. If people want to have it on, then have them select it. Administratively it's a pain if the extensions are on.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=752842#c1
kk zhang
https://bugzilla.novell.com/show_bug.cgi?id=752842#c2
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=752842#c3
roeland jansen
https://bugzilla.novell.com/show_bug.cgi?id=752842#c4
Li Bin
the IPv6 address is changing every approx 24 hours.
reproduce: just install oS11.4/12.1
/etc/sysctl.conf should have a line like:
    # NO RANDOM "PRIVACY" GENERATION OF ADDRESSES
    net.ipv6.conf.default.use_tempaddr = 0
(instead of having to switch off this undesired generation by hand).
e.g. the default should be -- do not generate random privacy addresses, unless specified in the yast systemconfig editor.
(what happens is that the IP address changes every day so you cannot reliably connect to such a system over IPv6. That doesn't make sense)
Understood now, I don't have IPv6 for testing. I just viewed my sysctl.conf file and can't find use_tempaddr; did you add it? What's the result of removing this line? Thanks!
https://bugzilla.novell.com/show_bug.cgi?id=752842#c
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=752842#c5
--- Comment #5 from roeland jansen
https://bugzilla.novell.com/show_bug.cgi?id=752842#c6
roeland jansen
https://bugzilla.novell.com/show_bug.cgi?id=752842#c7
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=752842#c8
--- Comment #8 from roeland jansen
https://bugzilla.novell.com/show_bug.cgi?id=752842#c9
Marius Tomaschewski
Marius,
Do we support static IPv6 in network? Thanks!
Yes, just configure it.
(In reply to comment #8)
In versions before 12.1, the privacy extensions were disabled by default. You can switch them on if you like.
However as of 12.1 and 12.2 they are enabled by default. That's IMHO undesirable.
Yes, in your opinion :-) Sorry, this is an intended change:

    * Di Mai 17 2011 lnussel@suse.de
    - load sysctls earlier (bnc#664550)
    - move distro defaults to /lib/sysctl.d to avoid .rpmnew files
    - enable IPv6 privacy by default (bnc#678066)

When you don't like it, disable it or set it to 1:

    Preference for Privacy Extensions (RFC3041).
      <= 0 : disable Privacy Extensions
      == 1 : enable Privacy Extensions, but prefer public addresses over temporary addresses.
      >  1 : enable Privacy Extensions and prefer temporary addresses over public addresses.
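Added example, not part of the original thread: a shell sketch that resolves use_tempaddr from sysctl-style files and names which of the three documented states it selects, including the hand-written value 1. The function names, the sample file names, the distro default value 2 and the rule that a later file overrides an earlier one are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the bug report.

# Print the last value assigned to KEY across FILES, read in the order given.
# Assumption: a later file overrides an earlier one.
effective_sysctl() {
    key=$1; shift
    for f in "$@"; do
        [ -r "$f" ] && { cat "$f"; echo; }
    done | awk -F= -v key="$key" '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }'
}

# Name the state a use_tempaddr value selects (<= 0, == 1, > 1).
tempaddr_state() {
    digits=${1#-}
    case "$digits" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ "$1" -le 0 ]; then
        echo "disabled"
    elif [ "$1" -eq 1 ]; then
        echo "enabled, prefer public"
    else
        echo "enabled, prefer temporary"
    fi
}

# Constructed sample files: a distro default and an administrator override.
# File names and the default value 2 are illustrative, not taken from openSUSE.
demo_dir=$(mktemp -d)
printf '%s\n' '# distro default (constructed)' \
    'net.ipv6.conf.default.use_tempaddr = 2' > "$demo_dir/distro-default.conf"
printf '%s\n' '# NO RANDOM "PRIVACY" GENERATION OF ADDRESSES' \
    'net.ipv6.conf.default.use_tempaddr = 0' > "$demo_dir/sysctl.conf"

demo_key=net.ipv6.conf.default.use_tempaddr
val=$(effective_sysctl "$demo_key" "$demo_dir/distro-default.conf" "$demo_dir/sysctl.conf")
echo "$demo_key = $val ($(tempaddr_state "$val"))"
```

On a live system the running value can be compared against the result with `sysctl net.ipv6.conf.default.use_tempaddr`.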
https://bugzilla.novell.com/show_bug.cgi?id=752842#c10
roeland jansen
https://bugzilla.novell.com/show_bug.cgi?id=752842#c11
--- Comment #11 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=752842#c12
Marius Tomaschewski
1) if dhcp is used, we assume a portable system and have privacy extensions enabled by default via a box click box next to the IPv4 DHCP selection.
If dhcp is used you are on a managed network and this setting isn't used at all, when the router does not permit autoconf in its RA, e.g.:

    AdvManagedFlag on;      # enables DHCPv6
    AdvOtherConfigFlag on;  # other config also DHCPv6
    prefix 2001:DB8:ABBA:BEBE::/64
    {
        AdvAutonomous off;  # disallows clients to assign
                            # IPv6 addresses by themselves
    };

On the dhcp6 server, you can simply enable the use of privacy extensions (ISC dhcp /dhcpd6.conf):

    subnet6 2001:DB8:ABBA:BEBE::/64 {
        ...
        # (i.e., direct application of RFC 4941)
        range6 2001:DB8:ABBA:BEBE::/64 temporary;
        ...
        # ...
        ddns-updates on;
        ...
    }

and even update the dns records automatically using the temp addr.

Basically, enabling privacy extensions without using them does not make much sense. And yes, it is about (mobile) client systems. Without this setting, they would use their MAC address based IPv6 address by default.

On systems which provide services, you have to actively configure the services anyway and you can either change the setting or also configure the service to use a specific address (static or MAC based when you like).

What could be done is that pattern trigger to install rpm which provides them, that is:

    pattern laptop installs sysctl-enable-tempaddr.rpm
    pattern desktop installs sysctl-enable-tempaddr.rpm
    pattern server installs sysctl-disable-tempaddr.rpm

or something like this... This would be IMO an improvement.
https://bugzilla.novell.com/show_bug.cgi?id=752842#c13
--- Comment #13 from Marius Tomaschewski
What could be done is that pattern trigger to install rpm which provides them, that is:
pattern laptop installs sysctl-enable-tempaddr.rpm
pattern desktop installs sysctl-enable-tempaddr.rpm
pattern server installs sysctl-disable-tempaddr.rpm
or something like this... This would be IMO an improvement.
But a lot of effort to maintain for one single byte... :-)
https://bugzilla.novell.com/show_bug.cgi?id=752842#c14
Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=752842#c15
Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=752842#c
Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=752842#c16
--- Comment #16 from Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=752842#c17
--- Comment #17 from Marius Tomaschewski
with enable==3 and disable==9.
Huh? Again:
Ahm... there are 3 settings, but I think we can reduce it to a checkbox with enable==2 and disable==0.
The setting 1 (enable, but don't use) is IMO some kind of special case.
https://bugzilla.novell.com/show_bug.cgi?id=752842#c18
Christian Boltz
with enable==3 and disable==9.
Huh? Again:
Ahm... there are 3 settings, but I think we can reduce it to a checkbox with enable==2 and disable==0.
The setting 1 (enable, but don't use) is IMO some kind of special case.
Now imagine someone wrote the "special case" setting 1 in the configfile manually and then opens YaST - how will you/YaST display the checkbox state? ;-)
(Maybe a dropdown with "yes/no/maybe ;-)" would be the better choice?)
https://bugzilla.novell.com/show_bug.cgi?id=752842#c19
--- Comment #19 from roeland jansen
https://bugzilla.novell.com/show_bug.cgi?id=752842#c20
--- Comment #20 from Marius Tomaschewski
(In reply to comment #17)
Ahm... there are 3 settings, but I think we can reduce it to a checkbox with enable==2 and disable==0.
The setting 1 (enable, but don't use) is IMO some kind of special case.
Now imagine someone wrote the "special case" setting 1 in the configfile manually and then opens YaST - how will you/YaST display the checkbox state? ;-)
Grayed out? ;-)
(Maybe a dropdown with "yes/no/maybe ;-)" would be the better choice?)
Yes, sure... Of course it is always better to implement it completely using a combo or (some 3 states checkbox when available) with 3 states: "disable privacy/enable but prefer public/enable and prefer private"
I just have had the yast2 "html" proposal page in my head and there are usually links to disable/enable code only...
(In reply to comment #19)
guys just wanted to say that the proposed enhancement sounds very sweet and thanks already!
Roeland
OK, even if we would not like to deliver what you originally requested, it makes me happy that we found a way to satisfy you!
https://bugzilla.novell.com/show_bug.cgi?id=752842#c21
Martin Vidner
http://bugzilla.novell.com/show_bug.cgi?id=752842#c22
Jiri Bohac
http://bugzilla.novell.com/show_bug.cgi?id=752842#c23
Jiri Bohac
Privacy extensions should default to OFF.
I opened bsc#988023 to have the default changed.